本例配置两台A10负载均衡交换机,以实现在浏览器中通过http利用虚拟IP访问物理地址。两台四层交换机与上联设备以口字型进行连接。
AX3200-HH03-11-2 login: admin
Password:
Last login: Sat Jul 28 10:40:30 CST 2012 from 134.128.187.6 on pts/0
[type ? for help]
AX3200-HH03-11-2-Standby>en
Password:
AX3200-HH03-11-2-Standby#show run
!Current configuration: 10726 bytes
!Configuration last updated at 10:57:21 CST Sat Jul 28 2012
!Configuration last saved at 10:56:51 CST Sat Jul 28 2012
!Configuration last synchronized at 16:53:34 CST Thu Jul 26 2012
!version 2.4.3-p9, build 45 (Sep-13-2011,15:09)
!
hostname AX3200-HH03-11-2
!
clock timezone Asia/Shanghai
!
ntp server 134.128.34.7 1440
ntp disable 134.128.34.7
!
!
!
trunk 2
ethernet 18 to 19
!
vlan 99
untagged ethernet 17 //将17口设为untagged模式,级联两台四层交换机
router-interface ve 99
name "ha_vlan"
!
vlan 300
untagged ethernet 18 to 19
router-interface ve 1
name "to_S5352-2_ge3-4"
!
interface management
ip address 172.31.31.31 255.255.255.0 //管理口IP地址,即MGMT口IP地址
!
interface ve 1 //配置ve接口
ip address 134.130.0.78 255.255.255.248//配置ve接口IP地址,作为ve 1的网关
name "to_s5352-2_ge3-4"
!
interface ve 99
ip address 1.1.1.2 255.255.255.252 //本地址用于两台交换机间的级联及心跳
!
ip route 0.0.0.0 /0 134.130.0.73 cpu-process
!
<<此处省略部分输出>>
ha id 1
ha group 1 priority 50
ha interface ethernet 17 vlan 99
ha check gateway 134.130.0.73 //配置ha check的网关地址
ha check vlan 300 timeout 10
ha conn-mirror ip 1.1.1.1
!
ha preemption-enable
floating-ip 134.130.0.76 ha-group 1 //配置ha浮动IP
!
!
ip nat pool fjtelecom_Snat_ip 134.130.65.68 134.130.65.69 netmask /26 //配置地址转换
!
health monitor http_check_18049 //配置健康检查,通过http协议,采用18049端口,即在浏览器中输入“http://IP地址:端口号/IOMPROJ/testFind.jsp”进行测试
method http port 18049 url GET /IOMPROJ/testFind.jsp expect "return success"
!
health monitor srmweb_http_check_7011
method http port 7011 url GET /SRMWeb/checkAppHealth.jsp expect "111 invoke return"
!
health monitor bill_http_check_7051
method http port 7051 url GET /dat/livecheck/check expect ok
!
!
!
!
!
slb server _s_134.130.8.11 134.130.8.11
health-check http_check_18049 //调用上文配置的http_check_18049进行健康检查
conn-limit 8000000 no-logging //限制最大连接数为8000000
port 18049 tcp
conn-limit 8000000 no-logging
!
slb server _s_134.130.8.12 134.130.8.12
health-check http_check_18049
conn-limit 8000000 no-logging
port 18049 tcp
conn-limit 8000000 no-logging
!
<<此处省略部分输出>>
slb server _s_134.130.8.21 134.130.8.21
health-check http_check_18049
conn-limit 8000000 no-logging
port 18049 tcp
conn-limit 8000000 no-logging
!
<<此处省略部分输出>>
slb server _s_134.130.8.71 134.130.8.71
health-check srmweb_http_check_7011
conn-limit 8000000 no-logging
port 7011 tcp
conn-limit 8000000 no-logging
!
<<此处省略部分输出>>
slb server _s_134.130.4.11 134.130.4.11
health-check bill_http_check_7051
conn-limit 8000000 no-logging
port 7051 tcp
conn-limit 8000000 no-logging
!
<<此处省略部分输出>>
!
!
slb service-group sg-pfweb1-18049 tcp //为使用相同策略的服务器端口定义服务组
method least-connection //定义策略
health-check http_check_18049 //定义健康检查
member _s_134.130.8.11:18049 //定义服务组成员
member _s_134.130.8.12:18049
!
<<此处省略部分输出>>
slb service-group sg-srmweb1-7011 tcp
method least-connection
health-check srmweb_http_check_7011
member _s_134.130.8.71:7011
member _s_134.130.8.72:7011
member _s_134.130.8.73:7011
member _s_134.130.8.74:7011
!
<<此处省略部分输出>>
slb service-group sg-billweb1-7051 tcp
method least-connection
health-check bill_http_check_7051
member _s_134.130.4.11:7051
member _s_134.130.4.12:7051
member _s_134.130.4.13:7051
member _s_134.130.4.14:7051
member _s_134.130.4.21:7051
member _s_134.130.4.22:7051
member _s_134.130.4.23:7051
member _s_134.130.4.24:7051
!
!
slb template persist source-ip fjtelecom_persist //配置粘连模板
timeout 120
!
!
slb virtual-server vs-pfweb1 134.130.65.70
ha-group 1
port 18049 tcp
source-nat pool fjtelecom_Snat_ip
service-group sg-pfweb1-18049 //在虚拟服务器下,与上面已设定的服务器组建立关联,缺少此句,则只能访问实地址
template persist source-ip fjtelecom_persist //有粘连模式,省略此句则为无粘连模式
!
<<此处省略部分输出>>
slb virtual-server vs-pfapp3 134.130.65.72
ha-group 1
port 18049 tcp
source-nat pool fjtelecom_Snat_ip
service-group sg-pfapp3-18049
!
slb virtual-server vs-srmweb1 134.130.65.81
ha-group 1
port 7011 tcp
source-nat pool fjtelecom_Snat_ip
service-group sg-srmweb1-7011
template persist source-ip fjtelecom_persist
!
<<此处省略部分输出>>
!
enable-management service ssh ethernet 1 to 22 ve 1 ve 99
enable-management service telnet management ethernet 1 to 22 ve 1 ve 99
enable-management service http ethernet 1 to 22 ve 1 ve 99
enable-management service https ethernet 1 to 22 ve 1 ve 99
enable-management service snmp ethernet 1 to 22 ve 1 ve 99
!
!
!
!
web-service timeout-policy idle 30
!
!
terminal idle-timeout 30
!
end
至此,在应用的配合下,可在浏览器中输入健康检查页面地址,形如 http://virtualIP:18049/IOMPROJ/testFind.jsp进行测试。若返回健康检查连接中的内容,则配置成功。
注:若在一台负载均衡交换机上有配置nat地址转换,如本例的fjtelecom_Snat_ip,而另一台没有,则通过ha sync all to-run 也无法在另一个节点自动添加fjtelecom_Snat_ip。需先手动添加地址转换,如“ip nat pool fjtelecom_Snat_ip 134.130.65.68 134.130.65.69 netmask /26”,否则无法实现虚拟地址解析。
此外,也可通过图形界面进行配置。
E.O.F
2012-07-28
AX3200-HH03-11-2 login: admin
Password:
Last login: Sat Jul 28 10:40:30 CST 2012 from 134.128.187.6 on pts/0
[type ? for help]
AX3200-HH03-11-2-Standby>en
Password:
AX3200-HH03-11-2-Standby#show run
!Current configuration: 10726 bytes
!Configuration last updated at 10:57:21 CST Sat Jul 28 2012
!Configuration last saved at 10:56:51 CST Sat Jul 28 2012
!Configuration last synchronized at 16:53:34 CST Thu Jul 26 2012
!version 2.4.3-p9, build 45 (Sep-13-2011,15:09)
!
hostname AX3200-HH03-11-2
!
clock timezone Asia/Shanghai
!
ntp server 134.128.34.7 1440
ntp disable 134.128.34.7
!
!
!
trunk 2
ethernet 18 to 19
!
vlan 99
untagged ethernet 17 //将17口设为untagged模式,级联两台四层交换机
router-interface ve 99
name "ha_vlan"
!
vlan 300
untagged ethernet 18 to 19
router-interface ve 1
name "to_S5352-2_ge3-4"
!
interface management
ip address 172.31.31.31 255.255.255.0 //管理口IP地址,即MGMT口IP地址
!
interface ve 1 //配置ve接口
ip address 134.130.0.78 255.255.255.248//配置ve接口IP地址,作为ve 1的网关
name "to_s5352-2_ge3-4"
!
interface ve 99
ip address 1.1.1.2 255.255.255.252 //本地址用于两台交换机间的级联及心跳
!
ip route 0.0.0.0 /0 134.130.0.73 cpu-process
!
<<此处省略部分输出>>
ha id 1
ha group 1 priority 50
ha interface ethernet 17 vlan 99
ha check gateway 134.130.0.73 //配置ha check的网关地址
ha check vlan 300 timeout 10
ha conn-mirror ip 1.1.1.1
!
ha preemption-enable
floating-ip 134.130.0.76 ha-group 1 //配置ha浮动IP
!
!
ip nat pool fjtelecom_Snat_ip 134.130.65.68 134.130.65.69 netmask /26 //配置地址转换
!
health monitor http_check_18049 //配置健康检查,通过http协议,采用18049端口,即在浏览器中输入“http://IP地址:端口号/IOMPROJ/testFind.jsp”进行测试
method http port 18049 url GET /IOMPROJ/testFind.jsp expect "return success"
!
health monitor srmweb_http_check_7011
method http port 7011 url GET /SRMWeb/checkAppHealth.jsp expect "111 invoke return"
!
health monitor bill_http_check_7051
method http port 7051 url GET /dat/livecheck/check expect ok
!
!
!
!
!
slb server _s_134.130.8.11 134.130.8.11
health-check http_check_18049 //调用上文配置的http_check_18049进行健康检查
conn-limit 8000000 no-logging //限制最大连接数为8000000
port 18049 tcp
conn-limit 8000000 no-logging
!
slb server _s_134.130.8.12 134.130.8.12
health-check http_check_18049
conn-limit 8000000 no-logging
port 18049 tcp
conn-limit 8000000 no-logging
!
<<此处省略部分输出>>
slb server _s_134.130.8.21 134.130.8.21
health-check http_check_18049
conn-limit 8000000 no-logging
port 18049 tcp
conn-limit 8000000 no-logging
!
<<此处省略部分输出>>
slb server _s_134.130.8.71 134.130.8.71
health-check srmweb_http_check_7011
conn-limit 8000000 no-logging
port 7011 tcp
conn-limit 8000000 no-logging
!
<<此处省略部分输出>>
slb server _s_134.130.4.11 134.130.4.11
health-check bill_http_check_7051
conn-limit 8000000 no-logging
port 7051 tcp
conn-limit 8000000 no-logging
!
<<此处省略部分输出>>
!
!
slb service-group sg-pfweb1-18049 tcp //为使用相同策略的服务器端口定义服务组
method least-connection //定义策略
health-check http_check_18049 //定义健康检查
member _s_134.130.8.11:18049 //定义服务组成员
member _s_134.130.8.12:18049
!
<<此处省略部分输出>>
slb service-group sg-srmweb1-7011 tcp
method least-connection
health-check srmweb_http_check_7011
member _s_134.130.8.71:7011
member _s_134.130.8.72:7011
member _s_134.130.8.73:7011
member _s_134.130.8.74:7011
!
<<此处省略部分输出>>
slb service-group sg-billweb1-7051 tcp
method least-connection
health-check bill_http_check_7051
member _s_134.130.4.11:7051
member _s_134.130.4.12:7051
member _s_134.130.4.13:7051
member _s_134.130.4.14:7051
member _s_134.130.4.21:7051
member _s_134.130.4.22:7051
member _s_134.130.4.23:7051
member _s_134.130.4.24:7051
!
!
slb template persist source-ip fjtelecom_persist //配置粘连模板
timeout 120
!
!
slb virtual-server vs-pfweb1 134.130.65.70
ha-group 1
port 18049 tcp
source-nat pool fjtelecom_Snat_ip
service-group sg-pfweb1-18049 //在虚拟服务器下,与上面已设定的服务器组建立关联,缺少此句,则只能访问实地址
template persist source-ip fjtelecom_persist //有粘连模式,省略此句则为无粘连模式
!
<<此处省略部分输出>>
slb virtual-server vs-pfapp3 134.130.65.72
ha-group 1
port 18049 tcp
source-nat pool fjtelecom_Snat_ip
service-group sg-pfapp3-18049
!
slb virtual-server vs-srmweb1 134.130.65.81
ha-group 1
port 7011 tcp
source-nat pool fjtelecom_Snat_ip
service-group sg-srmweb1-7011
template persist source-ip fjtelecom_persist
!
<<此处省略部分输出>>
!
enable-management service ssh ethernet 1 to 22 ve 1 ve 99
enable-management service telnet management ethernet 1 to 22 ve 1 ve 99
enable-management service http ethernet 1 to 22 ve 1 ve 99
enable-management service https ethernet 1 to 22 ve 1 ve 99
enable-management service snmp ethernet 1 to 22 ve 1 ve 99
!
!
!
!
web-service timeout-policy idle 30
!
!
terminal idle-timeout 30
!
end
至此,在应用的配合下,可在浏览器中输入健康检查页面地址,形如 http://virtualIP:18049/IOMPROJ/testFind.jsp进行测试。若返回健康检查连接中的内容,则配置成功。
注:若在一台负载均衡交换机上有配置nat地址转换,如本例的fjtelecom_Snat_ip,而另一台没有,则通过ha sync all to-run 也无法在另一个节点自动添加fjtelecom_Snat_ip。需先手动添加地址转换,如“ip nat pool fjtelecom_Snat_ip 134.130.65.68 134.130.65.69 netmask /26”,否则无法实现虚拟地址解析。
此外,也可通过图形界面进行配置。
E.O.F
2012-07-28